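Open the configuration file and find the [ssh-iptables] section:
vim /etc/fail2ban/jail.conf
If more than 5 login attempts fail, the user cannot log in for the time set by bantime. The default bantime is 300 seconds (5 minutes); I set it to 3600 seconds (1 hour).
[ssh-iptables]
enabled = true
filter = sshd
# iptables[...]: the information that appears in the iptables INPUT chain
# sendmail-whois[...]: dest is the address that alert e-mails are sent to after an attack;
# sender is the sender's e-mail address and can be anything; sendername is the sender's name and can be left unchanged
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=admin@163.com, sender=admin@163.com, sendername="Fail2Ban"]
# Location of the log file
logpath = /var/log/secure
# Number of login attempts: if SSH login fails more than 5 times, further login attempts are blocked for the time set by bantime
maxretry = 5
Start the service:
service fail2ban start
Set the service to start at boot:
chkconfig fail2ban on
Once the service has started, your mailbox receives an e-mail saying that fail2ban has started; stopping the service sends an e-mail as well.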
Hi,
The jail SSH has been started successfully.
Regards,
Fail2Ban
Hi,
The jail SSH has been stopped.
Regards,
Fail2Ban
Body of the login-denied (ban) e-mail:
Hi,
The IP 222.186.56.101 has just been banned by Fail2Ban after
5 attempts against SSH.
Here is more information about 222.186.56.101:
missing whois program
Regards,
Fail2Ban
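The counting behind maxretry and bantime, as an added Python example that is not part of the original post and is not fail2ban's own code: it replays constructed /var/log/secure lines and returns which IP would be banned and until when. The regular expression is a simplified stand-in for the sshd filter, and FINDTIME (the window in which failures are counted, 600 seconds here) is an assumed value that this page does not set.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                        # maxretry from the jail above
BANTIME = timedelta(seconds=3600)   # bantime chosen in the text
FINDTIME = timedelta(seconds=600)   # assumption: counting window, not set on this page

# Assumption: simplified stand-in for the sshd filter, which has many more patterns.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

def parse(line, year=2024):
    """Return (timestamp, ip) for a failed-login line, else None (syslog has no year)."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def simulate(lines):
    """Replay log lines in order; return [(ip, banned_at, unban_at), ...]."""
    recent = defaultdict(deque)     # ip -> failure times still inside FINDTIME
    banned_until, bans = {}, []
    for ts, ip in filter(None, map(parse, lines)):
        if ts < banned_until.get(ip, datetime.min):
            continue                # ban still active, nothing new to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME: # drop failures that fell out of the window
            q.popleft()
        if len(q) >= MAXRETRY:      # ban on the 5th failure, as in the ban e-mail
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            q.clear()
    return bans

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [f"Mar 12 10:00:0{s} host sshd[1001]: Failed password for root "
          f"from 203.0.113.7 port 4022 ssh2" for s in range(1, 6)]
SAMPLE += [f"Mar 12 10:05:0{s} host sshd[1002]: Failed password for invalid user test "
           f"from 198.51.100.20 port 5022 ssh2" for s in range(1, 5)]
SAMPLE.append("Mar 12 10:06:00 host sshd[1003]: Accepted password for admin "
              "from 198.51.100.20 port 5023 ssh2")

for ip, start, end in simulate(SAMPLE):
    print(f"{ip} banned at {start}, unbanned at {end}")
```

In the sample, the address with five failures is banned for one hour, while the address with four failures followed by a successful login is not.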